Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
TrustYou is a German guest feedback and reputation management platform for the hospitality industry. It aggregates online reviews, sends post-stay survey emails, and provides sentiment analysis dashboards. As a German company with EU infrastructure, GDPR applies directly and no third-country transfers are required. Post-stay review request emails can rely on legitimate interest given the existing guest relationship, making TrustYou one of the most GDPR-compliant review platforms available.
TrustYou is a Munich-based guest feedback and reputation management platform used by hotels, hotel chains, and travel companies. It aggregates guest reviews from major OTAs and booking platforms, enables post-stay survey email campaigns, provides semantic sentiment analysis of review content, and offers reputation benchmarking dashboards. TrustYou processes guest email addresses to send review invitations and aggregates publicly available review content for analysis.
TrustYou processes guest email addresses and stay data (check-in date, property, stay duration) to send post-stay review invitation emails. It also aggregates publicly available review content from OTAs and booking platforms. If a review widget is embedded on the hotel website, it may set cookies. All data is processed on TrustYou''s EU-based servers in Germany.
TrustYou''s post-stay review request emails can generally rely on legitimate interest under GDPR Article 6(1)(f), as requesting feedback from recent guests with whom you have an existing relationship is a reasonable expectation. The balancing test favours legitimate interest given the minimal intrusiveness of a single post-stay email. However, guests must always be able to opt out and review invitations must include an unsubscribe link. Any marketing content beyond the review request requires separate consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
TrustYou is a German company processing all data in the EU. No transfer mechanism is required. This makes TrustYou the most GDPR-compliant major review platform for European hotels, compared to US-based alternatives like Revinate or Medallia.
Document your legitimate interest balancing test for post-stay review emails. Include an unsubscribe link in every review invitation. Update your privacy policy to describe TrustYou as a processor with EU data storage. Sign a DPA with TrustYou. If a review widget is embedded, obtain ePrivacy consent for any cookies it sets.
Websites using TrustYou must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for standard review collection and aggregation. The EU data location and limited personal data processing (primarily guest email and stay data) result in a low overall risk profile.
Sample consent text
We use TrustYou to collect and display guest reviews. TrustYou may send you a post-stay survey email based on your recent stay with us. Data is processed by TrustYou on servers in Germany. You may unsubscribe from review requests at any time.
Third-party domains contacted
trustyou.comapi.trustyou.comcdn.trustyou.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ty_widget | persistent | 1 year | Widget state cookie set when a TrustYou review widget is embedded on the hotel website |
TrustYou places tracking cookies for advertising — comply with GDPR using FlowConsent.
TrustYou may set cookies if a review widget is embedded on your website. The review aggregation and post-stay email functions themselves do not require cookies on the visitor's device. If embedding a TrustYou review widget, ePrivacy consent is required for any non-essential cookies the widget sets.
Not necessarily for the core post-stay review email function, which can rely on legitimate interest. If a review widget is embedded on your website and sets non-essential cookies, ePrivacy consent is required. All guests receiving review invitation emails must have a clear opt-out mechanism.
Legitimate interest under Article 6(1)(f) GDPR is the most appropriate basis for sending post-stay review requests to recent guests. The balancing test generally favours legitimate interest: the processing is limited in scope (one email to a recent guest), the interest (quality feedback) is legitimate, and guests have a reasonable expectation of post-stay contact. A documented balancing test should be maintained.
No. TrustYou is a German company that processes all data in the EU. No transfer mechanism under GDPR Chapter V is required. This is a significant advantage over US-based hotel review platforms.
Generally not. The EU data location, limited personal data scope (email and stay data), and low-intrusiveness of post-stay review emails result in a low overall risk profile. A DPIA is not typically required for standard TrustYou deployments.
Document your legitimate interest balancing test. Include an unsubscribe link in every review invitation email. Update your privacy policy to describe TrustYou as a processor with EU data storage. Sign a DPA with TrustYou. Provide guests with the ability to opt out of future review requests at any time.
No, not on the basis of legitimate interest alone. Marketing emails beyond the review request require a separate, explicit marketing consent. Review request emails should be limited to requesting feedback about the recent stay. Adding promotional offers or marketing content to review invitation emails changes the legal basis requirement to consent.
Add a section on guest feedback management. Describe TrustYou as a processor used to collect and aggregate guest reviews, explain that guest email addresses and stay data are shared with TrustYou to send review invitations, state the legitimate interest legal basis and right to object, note the EU data storage location in Germany, and provide a link to TrustYou's privacy policy.